On Tuesday 18 Dec 2001 12:15, you wrote:
> Hello,
> I have read the iptables and NAT HOWTOs.
> I want to get "address translation" working, but it does not work as it should -
> it works like masquerading (a connection can be initiated in one direction only).
> I have RH 7.2, kernel 2.4.16, with everything for NAT compiled in.
> 2 ethernet interfaces - eth0 172.16.31.100 and eth1 192.168.0.3
> I want the PC 192.168.0.10 to go out as 172.16.31.110 and, correspondingly, anyone
> who looks for 172.16.31.110 (from eth0) to see the PC 192.168.0.10.
> It turns out that it now works like masquerading - the PC gets out, but
> nobody can initiate a connection to it from outside (i.e. to
> 172.16.31.110).
> This is the command:
> iptables -t nat -I POSTROUTING -s 192.168.0.10 -o eth0 -j SNAT --to-source 172.16.31.110
> Any ideas - where am I going wrong? What have I not read or understood
> properly?
> In general, how do you do NAT for a case like mine?
> Thank you in advance

I don't know whether this will help you, but here is what is written about running a transparent proxy with squid on a separate machine; I think your situation is close:

"For the purposes of example commands, let's assume we have two boxes called squid-box and iptables-box, and that they are on the network local-network. In the commands below, replace these strings with the actual IP addresses or name of your machines and network.

First, the machine that squid will be running on, squid-box. You do not need iptables or any special kernel options on this machine, just squid. You do not need the 'http_accel' options as described above, just a plain squid (although, if you are a squid newbie, it is suggested that you read the above section on squid, since everything else but the 'http_accel' options will be useful to you).

Now, the machine that iptables will be running on, iptables-box. (You will need to configure the kernel as described above, except that you don't need the REDIRECT target support.)

Now, for the iptables commands. You need three:

    iptables -t nat -A PREROUTING -i eth0 -s ! squid-box -p tcp --dport 80 -j DNAT --to squid-box:3128
    iptables -t nat -A POSTROUTING -o eth0 -s local-network -d squid-box -j SNAT --to iptables-box
    iptables -A FORWARD -s local-network -d squid-box -i eth0 -o eth0 -p tcp --dport 3128 -j ACCEPT

The first one sends the packets to squid-box from iptables-box. The second makes sure that the reply gets sent back through iptables-box, instead of directly to the client (this is very important!). The last one makes sure the iptables-box will forward the appropriate packets to squid-box. It may not be needed. YMMV.

Note that we specified '-i eth0' and then '-o eth0', which stands for input interface eth0 and output interface eth0. If your packets are entering and leaving on different interfaces, you will need to adjust the commands accordingly.
"

Here is the link where I am reading it: http://www.linuxdoc.org/HOWTO/mini/TransparentProxy-6.html

===========================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
http://www.linux-bulgaria.org/
Hosted by Internet Group Ltd. - Stara Zagora
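
Added example (not part of the original thread, nor from the quoted HOWTO): the SNAT rule in the question only covers connections started by 192.168.0.10, so a 1:1 mapping also needs a DNAT rule in PREROUTING and the public address bound on eth0. The static_nat and run helpers, the port list 22 and 80, and a FORWARD policy of DROP are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit the rule set for a 1:1 (static) NAT mapping.
# Addresses and interfaces are the ones from the question; helper names are hypothetical.
# Commands are only printed by default; set APPLY=1 to execute them as root.

run() {
    # Print the command; execute it only when APPLY=1.
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# static_nat EXT_IF INT_IF PUBLIC_IP PRIVATE_IP [TCP_PORT...]
static_nat() {
    ext_if=$1; int_if=$2; pub=$3; priv=$4; shift 4

    # The router must answer ARP for the public address on the outside segment,
    # otherwise packets for it never reach PREROUTING.
    run ip addr add "$pub/32" dev "$ext_if"

    # Outbound: connections started by the private host leave as the public IP.
    # This is the only rule the question had, hence the masquerade-like behaviour.
    run iptables -t nat -A POSTROUTING -s "$priv" -o "$ext_if" -j SNAT --to-source "$pub"

    # Inbound: new connections to the public IP are rewritten to the private host.
    run iptables -t nat -A PREROUTING -i "$ext_if" -d "$pub" -j DNAT --to-destination "$priv"

    # Filter table (assumes FORWARD policy DROP): replies always pass, the
    # private host may open connections, inbound is limited to the listed ports.
    # FORWARD sees the destination after DNAT, so it matches the private address.
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$int_if" -o "$ext_if" -s "$priv" -j ACCEPT
    for port in "$@"; do
        run iptables -A FORWARD -i "$ext_if" -o "$int_if" -d "$priv" \
            -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
}

# Constructed invocation: expose only SSH and HTTP on the mapped host.
static_nat eth0 eth1 172.16.31.110 192.168.0.10 22 80
```

Listing no ports leaves the mapping usable for outbound traffic only; each port added widens what hosts on the eth0 side can reach on 192.168.0.10.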
